Breakout Session AP01
Chris Skinner, Senior Technical Instructor, VMware, Inc.
February 25, 2009
Disclaimer
This session may contain product features that are currently under development. This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
These features are representative of feature areas under development. Feature commitments are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery.
Agenda
Why should we virtualize Active Directory?
Why Virtualize?
Policy testing; schema changes; migration/upgrade testing; domain reconfigurations; deployment scenarios; disaster recovery solutions
Limiting physical access; additional administrative controls; separate applications from domain controllers
Time Synchronization
Virtualization Challenges
HKLM\System\CurrentControlSet\Services\W32Time\Config
Change AnnounceFlags REG_DWORD from 10 to 5
2. Stop and restart time service
   net stop w32time
   net start w32time
3. Manually force update
   w32tm /resync /rediscover
Modify
Enable ESX server NTP daemon to sync with external stratum NTP source
VMware Knowledge Base ID# 1339
Performance Issues
Requires significantly less hardware to achieve a greater number of virtualized domain controllers. A greater number of domain controllers provides better logon results and fewer points of failure.
Performance Summary
Virtualization does not necessarily increase performance. Proper planning of resource allocation is still important. It's still important to follow Microsoft's best practices for the strategic placement of FSMO role servers, catalog servers, etc.
Security, Network and Replication
Network - Connections
High Availability & Disaster Recovery/Preparedness
All Active Directory restorations should be performed using authoritative and non-authoritative methods
Do not recover an Active Directory database from a backup copy of an old virtual disk!
Continue to follow best practices around the placement of key, critical roles
64-bit
16GB
100,000
2.5 million
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
LdapSrvPriority DWORD decimal value to 100 or 200
Physical domain controllers should be adjusted similarly to decrease dependencies on PDC emulator
DNS Modifications
Can also be changed within DNS manager. Registry changes do not require a reboot.
Best Practices
Avoid snapshots or REDOs for domain controller virtual machines. Do not suspend domain controller virtual machines for long periods. Consistent and regular system state backups still very important. Avoid physical to virtual DC conversions.
VI OPS Portal
A customizable collaboration site for sharing role and subject based proven, prescriptive, and actionable guidance. Features: Approved Operational Practices; Best Practices of Industry Experts; Prescriptive Guidance; For customers by customers; Consistent appearance.
http://viops.vmware.com
Additional Information
VMware Time Sync and Windows Time Service
VMware Knowledge Base ID# 1318 - http://kb.vmware.com/kb/1318
How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/kb/875495
How to detect and recover from a USN rollback in Windows 2000 Server
http://support.microsoft.com/kb/885875
Support policy for Microsoft software running in non-Microsoft hardware virtualization software
http://support.microsoft.com/kb/897615